sendmail - server sending spam?

For the past day my server has been used to send spam. I am using the Amazon Linux distro (RedHat-based). I have sendmail 8.14.4. It is configured to require authentication, SSL, etc. Below are some excerpts from the logs and from mqueue. How can I find out what is going on and fix it?

Sep 10 21:57:03 ps-aws-p1 sendmail[11662]: r8AJtH4r011662: from=<[email protected]>, size=464, class=0, nrcpts=10, msgid=<[email protected]>, proto=ESMTP, daemon=TLSMTA, relay=dsl-189-187-243-152-dyn.prod-infinitum.com.mx [189.187.243.152] (may be forged)
Sep 10 21:57:12 ps-aws-p1 sendmail[11781]: r8AJtH4r011662: to=<[email protected]>, delay=00:00:18, xdelay=00:00:09, mailer=esmtp, pri=390464, relay=mailin-01.mx.aol.com. [205.188.159.42], dsn=5.1.1, stat=User unknown
Sep 10 21:57:19 ps-aws-p1 sendmail[11781]: r8AJtH4r011662: to=<[email protected]>, delay=00:00:25, xdelay=00:00:03, mailer=esmtp, pri=390464, relay=mx1.earthlink.net. [209.86.93.226], dsn=2.0.0, stat=Sent (1vju3P5qX3Nl34d0 Message accepted for delivery)
Sep 10 21:57:20 ps-aws-p1 sendmail[11781]: r8AJtH4r011662: to=<[email protected]>, delay=00:00:26, xdelay=00:00:01, mailer=esmtp, pri=390464, relay=gmail-smtp-in.l.google.com. [74.125.136.27], dsn=2.0.0, stat=Sent (OK 1378843040 x42si1080567eel.116 - gsmtp)
Sep 10 21:57:21 ps-aws-p1 sendmail[11781]: r8AJtH4r011662: to=<[email protected]>, delay=00:00:27, xdelay=00:00:01, mailer=esmtp, pri=390464, relay=mx2.hotmail.com. [65.55.37.88], dsn=5.1.1, stat=User unknown
Sep 10 21:57:22 ps-aws-p1 sendmail[11781]: r8AJtH4r011662: to=<[email protected]>,<[email protected]>, delay=00:00:28, xdelay=00:00:02, mailer=esmtp, pri=390464, relay=mx2.hotmail.com. [65.55.37.88], dsn=2.0.0, stat=Sent ( <[email protected]> Queued mail for delivery)
Sep 10 21:57:24 ps-aws-p1 sendmail[11781]: r8AJtH4r011662: to=<[email protected]>, delay=00:00:30, xdelay=00:00:02, mailer=esmtp, pri=390464, relay=zeno.mx25.net. [207.210.234.36], dsn=2.0.0, stat=Sent (893 bytes received in 00:00:00; Message id 201309101457230095 accepted for delivery)
Sep 10 21:57:25 ps-aws-p1 sendmail[11781]: r8AJtH4r011662: to=<[email protected]>, delay=00:00:31, xdelay=00:00:01, mailer=esmtp, pri=390464, relay=mx1.seznam.cz. [77.75.76.42], dsn=4.3.5, stat=Deferred: 451 4.3.5 Temporarily unavailable, try again later.
Sep 10 21:57:26 ps-aws-p1 sendmail[11781]: r8AJtH4r011662: to=<[email protected]>, delay=00:00:32, xdelay=00:00:02, mailer=esmtp, pri=390464, relay=mx2.seznam.cz. [77.75.76.32], dsn=4.3.5, stat=Deferred: 451 4.3.5 Temporarily unavailable, try again later.
Sep 10 21:57:28 ps-aws-p1 sendmail[11781]: r8AJtH4r011662: to=<[email protected]>,<[email protected]>, delay=00:00:34, xdelay=00:00:02, mailer=esmtp, pri=390464, relay=mta5.am0.yahoodns.net. [98.138.112.34], dsn=2.0.0, stat=Sent (ok dirdel 1/1)
Sep 10 21:57:28 ps-aws-p1 sendmail[11781]: r8AJtH4r011662: r8AJvS4i011781: DSN: User unknown




> V8 T1378843014 K0 N0 P300464 Fbs
> $_dsl-189-187-243-152-dyn.prod-infinitum.com.mx [189.187.243.152] (may
> be forged) $rESMTP $saambanyoqp ${daemon_flags}s a
> ${if_addr}10.246.123.145 S<[email protected]> rRFC822;
> [email protected] RPFD:<[email protected]> rRFC822;
> [email protected] RPFD:<[email protected]> rRFC822;
> [email protected] RPFD:<[email protected]> rRFC822;
> [email protected] RPFD:<[email protected]> rRFC822;
> [email protected] RPFD:<[email protected]>
> rRFC822; [email protected]
> RPFD:<[email protected]> rRFC822; [email protected]
> RPFD:<[email protected]> rRFC822; [email protected] RPFD:<[email protected]>
> rRFC822; [email protected] RPFD:<[email protected]> rRFC822;
> [email protected] RPFD:<[email protected]> H?P?Return-Path:
> <<81>g> H??Received: from aambanyoqp
> (dsl-189-187-243-152-dyn.prod-infinitum.com.mx [189.187.243.152] (may
> be forged))
>         (authenticated bits=0)
>         by ps-aws-p1.project-syndicate.org (8.14.4/8.14.4) with ESMTP id r8AJtH4r011662
>         (version=TLSv1/SSLv3 cipher=RC4-MD5 bits=128 verify=NO);
>         Tue, 10 Sep 2013 21:56:54 +0200 H?M?Message-Id: <[email protected]>
> H??Subject: H??From: "Wri Jm" <[email protected]> H??To:
> <[email protected]>, <[email protected]>,
>         <[email protected]>, <[email protected]>,
>         <[email protected]>, <[email protected]>, <[email protected]>,
>         <[email protected]>, <[email protected]>,
>         <[email protected]> H??Date: Tue, 10 Sep 2013 20:47:12 -0700 H??Mime-Version: 1.0 H??Content-Type: text/plain; charset="utf-7"

Answer 1

Your SMTP password has most likely been compromised.

Make sendmail log the SMTP AUTH credentials that are used. Increase LogLevel to 10. The required sendmail.mc line is:

define(`confLOG_LEVEL', `10')dnl

You need to recompile sendmail.mc into sendmail.cf. The Sendmail daemon needs a restart (or a HUP signal) to "notice" the new version of sendmail.cf.

Logging authentication information in sendmail
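
With the higher log level in place, the account behind each authenticated submission can be tallied from the mail log. The following is an added example, not part of the original answer: it assumes the `AUTH=server, relay=..., authid=..., mech=..., bits=...` line that sendmail 8.14 writes at this log level, and joins it to the `from=` lines by process ID. The sample log is constructed, and the function names and the recipient threshold are hypothetical.

```python
import re
from collections import defaultdict

# Constructed sample (not from the page): maillog lines as written at LogLevel 10.
SAMPLE_LOG = """\
Sep 11 09:14:01 mx sendmail[2201]: AUTH=server, relay=host-a.example.net [203.0.113.7], authid=alice, mech=LOGIN, bits=0
Sep 11 09:14:03 mx sendmail[2201]: r8B7E1aa002201: from=<alice@example.org>, size=812, class=0, nrcpts=1, msgid=<a1@example.org>, proto=ESMTP, daemon=TLSMTA, relay=host-a.example.net [203.0.113.7]
Sep 11 09:20:10 mx sendmail[2310]: AUTH=server, relay=[198.51.100.23] (may be forged), authid=bob, mech=LOGIN, bits=0
Sep 11 09:20:12 mx sendmail[2310]: r8B7K2bb002310: from=<x1@example.com>, size=464, class=0, nrcpts=10, msgid=<b1@example.com>, proto=ESMTP, daemon=TLSMTA, relay=[198.51.100.23] (may be forged)
Sep 11 09:20:15 mx sendmail[2310]: r8B7K2bc002310: from=<x2@example.com>, size=470, class=0, nrcpts=10, msgid=<b2@example.com>, proto=ESMTP, daemon=TLSMTA, relay=[198.51.100.23] (may be forged)
Sep 11 09:21:40 mx sendmail[2344]: AUTH=server, relay=[192.0.2.99], authid=bob, mech=PLAIN, bits=0
Sep 11 09:21:42 mx sendmail[2344]: r8B7L3cc002344: from=<x3@example.com>, size=466, class=0, nrcpts=10, msgid=<b3@example.com>, proto=ESMTP, daemon=TLSMTA, relay=[192.0.2.99]
Sep 11 09:30:00 mx sendmail[2400]: r8B7U0dd002400: from=root, size=300, class=0, nrcpts=1, msgid=<c1@mx>, relay=root@localhost
"""

# The AUTH line carries no queue ID, so sessions are matched on the sendmail PID.
AUTH_RE = re.compile(r"sendmail\[(\d+)\]: AUTH=server, relay=[^\[]*\[([^\]]+)\].*?authid=([^,]+), mech=")
FROM_RE = re.compile(r"sendmail\[(\d+)\]: \w+: from=.*?nrcpts=(\d+)")

def summarize(log_text):
    """Return {authid: {"msgs", "rcpts", "ips"}} for authenticated submissions."""
    session = {}  # pid -> (authid, client ip); assumes no PID reuse within the log
    stats = defaultdict(lambda: {"msgs": 0, "rcpts": 0, "ips": set()})
    for line in log_text.splitlines():
        auth = AUTH_RE.search(line)
        if auth:
            session[auth.group(1)] = (auth.group(3), auth.group(2))
            continue
        sent = FROM_RE.search(line)
        if sent and sent.group(1) in session:  # skips local, unauthenticated mail
            authid, ip = session[sent.group(1)]
            stats[authid]["msgs"] += 1
            stats[authid]["rcpts"] += int(sent.group(2))
            stats[authid]["ips"].add(ip)
    return dict(stats)

def suspects(stats, max_rcpts=20):
    """Accounts over the (hypothetical) recipient threshold or seen from several IPs."""
    return sorted(a for a, s in stats.items() if s["rcpts"] > max_rcpts or len(s["ips"]) > 1)

if __name__ == "__main__":
    for account in suspects(summarize(SAMPLE_LOG)):
        print("review and reset password for:", account)
```

To use it on a real host, pass the contents of the mail log to `summarize()` instead of `SAMPLE_LOG`.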
